diff options
Diffstat (limited to 'abs/core/pam/0e9b286afe1224b91ff00936058b084ad4b776e4.patch')
-rw-r--r-- | abs/core/pam/0e9b286afe1224b91ff00936058b084ad4b776e4.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/abs/core/pam/0e9b286afe1224b91ff00936058b084ad4b776e4.patch b/abs/core/pam/0e9b286afe1224b91ff00936058b084ad4b776e4.patch new file mode 100644 index 0000000..5715b8f --- /dev/null +++ b/abs/core/pam/0e9b286afe1224b91ff00936058b084ad4b776e4.patch @@ -0,0 +1,31 @@ +From 0e9b286afe1224b91ff00936058b084ad4b776e4 Mon Sep 17 00:00:00 2001 +From: ikerexxe <ipedrosa@redhat.com> +Date: Tue, 16 Jun 2020 14:44:04 +0200 +Subject: [PATCH] pam_usertype: avoid determining if user exists + +Taking a look at the time for the password prompt to appear it was +possible to determine if a user existed in a system. Solved it by +matching the runtime until the password prompt was shown by always +checking the password hash for an existing and a non-existing user. + +Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1629598 +--- + modules/pam_usertype/pam_usertype.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/modules/pam_usertype/pam_usertype.c b/modules/pam_usertype/pam_usertype.c +index 2807c306..d03b73b5 100644 +--- a/modules/pam_usertype/pam_usertype.c ++++ b/modules/pam_usertype/pam_usertype.c +@@ -139,8 +139,11 @@ pam_usertype_get_uid(struct pam_usertype_opts *opts, + "error retrieving information about user %s", username); + } + ++ pam_modutil_getpwnam(pamh, "root"); ++ + return PAM_USER_UNKNOWN; + } ++ pam_modutil_getpwnam(pamh, "pam_usertype_non_existent:"); + + *_uid = pwd->pw_uid; + |